IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Reaper IoT botnet 'only partially mobilised'

Report finds up to two million infected devices have yet to be activated

Despite the Reaper botnet receiving widespread coverage over the past few weeks, it seems it's not as powerful as security researchers first thought, as many of its bots are not actually operating to disable networks.

Although there are between 10,000 and 20,000 bots launching attacks, another two million hosts that have the potential to become part of it have for some reason not been launched, according to a report by Arbor Networks.

"Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism," the company said in its analysis of the threat.

It's likely that Reaper may have been created to form part of a booter/stresser service for the Chinese DDoS-for-hire market, according to the report, as deeper research into the botnet's behaviour revealed that some of its code appears to be based upon the more powerful Mirai IoT malware.

"While Reaper is capable of launching SYN-floods, ACK-floods, HTTP floods, and DNS reflection/amplification attacks, it is likely to have other, yet-to-be-determined DDoS attack capabilities, as well," Arbor's Security Engineering & Response Team (ASERT) said in a blog post.

The Reaper botnet was first discovered by Qihoo 360 Netlab last month and since its discovery, it's been adapted to pose a threat to a range of connected devices including IP-based cameras, routers, storage boxes and Wi-Fi points from vendors including D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, and Synology.

Netgear released a statement saying it's continuously adapting its firmware and security patches to make sure products are as protected as well as they can be.

"Netgear appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats," it said. "Being proactive rather than reactive to emerging security issues is a fundamental belief at Netgear."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022